Commit 59b42ab
Fix nullptr-with-zero-offset ubsan issue in bf16 downscale path (#543)
When c_downscale < DLP_F32 (bf16 output) and k <= KC, the temporary float
buffer for C was not allocated, leaving c_use_jc as NULL. Later pointer
arithmetic c_use_ic = c_use_jc + offset triggered UBSan's 'applying zero
offset to null pointer'. Always assign c_use_jc = c + jc so the arithmetic
is well-defined; the value is unused when c_downscale < DLP_F32 (k <= KC
path writes directly to buf_downscale).
Co-authored-by: Zhiyi Zhang <zhiyizhang@meta.com>
1 parent 3a43dd1 commit 59b42ab
3 files changed
Lines changed: 20 additions & 16 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
385 | 385 | | |
386 | 386 | | |
387 | 387 | | |
388 | | - | |
389 | | - | |
390 | | - | |
| 388 | + | |
| 389 | + | |
| 390 | + | |
| 391 | + | |
391 | 392 | | |
392 | | - | |
| 393 | + | |
393 | 394 | | |
394 | 395 | | |
395 | 396 | | |
| |||
1067 | 1068 | | |
1068 | 1069 | | |
1069 | 1070 | | |
1070 | | - | |
1071 | | - | |
1072 | | - | |
| 1071 | + | |
| 1072 | + | |
| 1073 | + | |
| 1074 | + | |
1073 | 1075 | | |
1074 | | - | |
| 1076 | + | |
1075 | 1077 | | |
1076 | 1078 | | |
1077 | 1079 | | |
| |||
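Review bot: this hunk (old lines 1070-1074) repeats the edit made at old lines 388-392 of the same file: three lines removed and four added, then a one-for-one replacement. The other two files show the same shape again. Four hand-maintained copies of the `c_use_jc` selection can drift apart the next time the downscale path changes, so consider moving the base-pointer choice into one shared helper or macro. Since the commit message says the value is unused when c_downscale < DLP_F32, a short comment at the assignment saying so would stop a later reader from treating `c + jc` as the live output pointer on that path.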
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
178 | 178 | | |
179 | 179 | | |
180 | 180 | | |
181 | | - | |
182 | | - | |
183 | | - | |
| 181 | + | |
| 182 | + | |
| 183 | + | |
| 184 | + | |
184 | 185 | | |
185 | | - | |
| 186 | + | |
186 | 187 | | |
187 | 188 | | |
188 | 189 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
184 | 184 | | |
185 | 185 | | |
186 | 186 | | |
187 | | - | |
188 | | - | |
189 | | - | |
| 187 | + | |
| 188 | + | |
| 189 | + | |
| 190 | + | |
190 | 191 | | |
191 | | - | |
| 192 | + | |
192 | 193 | | |
193 | 194 | | |
194 | 195 | | |
| |||
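Review bot: every hunk in this commit, including this one at old lines 187-191, has the same 3-removed/4-added plus 1-for-1 shape, so no regression test is visible in the change. The commit message names the triggering condition as c_downscale < DLP_F32 with k <= KC. A test case that exercises the bf16-output path with k <= KC under a `-fsanitize=undefined` build would keep the null-pointer-offset report from returning unnoticed at any of the four sites.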